104 matches found
EUVD-2021-24727
Malware in sbrugna...
EUVD-2019-0185
Malware in sbrugna...
EUVD-2022-1401
Malicious code in bioql PyPI...
EUVD-2025-23557
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
com.liferay:com.liferay.captcha.impl are vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper captcha validation which allows attackers to bypass verification and execute scripts in the Gogo shell...
Linux Distros Unpatched Vulnerability : CVE-2021-3121
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the skippy peanut butter issue...
Liferay Portal 7.4.0.x <= 7.4.3.132 Multiple Vulnerabilities
The version of Liferay Portal installed on the remote host is 7.4.x = 7.4.3.132. It is, therefore, affected by multiple vulnerabilities: - A reflected cross-site scripting XSS vulnerability in the Liferay Portal allows an remote non-authenticated attacker to inject JavaScript into the...
CVE-2025-4604
The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 an...
GHSA-3J6H-5V68-HVQG Liferay Portal CAPTCHA Bypass for Gogo Shell
The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 an...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Captcha process. An attacker can execute arbitrary scripts by bypassing the CAPTCHA check in the Gogo shell. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker...
Liferay Portal CAPTCHA Bypass for Gogo Shell
The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 an...
CVE-2025-4604
The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 an...
CVE-2025-4604
The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 an...
CVE-2025-4604
CVE-2025-4604 affects Liferay Portal 7.4.3.80 through 7.4.3.132 and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92. The vulnerability allows bypassi...
CVE-2025-4604
The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 an...
CVE-2025-4604
The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 an...
PT-2025-31872
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.80 through 7.4.3.132 Liferay DXP versions 2024.Q1.1 through 2024.Q1.19 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q3.0 through 2024.Q3.13 Liferay DXP versions 2024.Q4.0 through...
Liferay Portal 跨站脚本漏洞
Liferay Portal is a J2EE-based portal solution from the US company Liferay. The solution uses technologies such as EJB and JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and so on. Liferay Portal suffers from a cross-site scripti...
Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Data Management Console (CVE-2021-3121, CVE-2021-38561, CVE-2023-43804)
Summary github.com/gogo/protobuf, golang.org/x/text, urllib3 are dependency packages used by IBM Db2 Data Management Console . This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 is a user-friendly HTTP clien...
Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities
Summary IBM Security Guardium Insights has addressed the following vulnerabilities Vulnerability Details CVEID:CVE-2020-13949 DESCRIPTION: Apache Thrift is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted messages, a remote attacker could exploi...